Librem 5 is Better Than GrapheneOS, CalyxOS, LineageOS: Another Reason

I saw this article today. Even if you buy an android-first phone (Google Pixel, Fairphone, etc) with the thought of installing a “privacy-respecting” android fork, such as GrapheneOS, CalyxOS, /e/ OS, LineageOS, etc, there is some new evidence that the system-on-chip (SOC) is still uploading your information to the cloud without your knowledge or consent. I would hope that Purism devices would not do this, but of course, that is for you to believe or not believe. For me, this is another piece of evidence that the whole android eco-system is inherently exploitative and invasive into your personal life, and I count this as another reason that Purism devices are superior.

https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker

EDIT: NitroKey published this article as, in part, a marketing pitch to sell more phones made by Google (i.e. the “NitroPhone” is a Google Pixel). That harms their credibility regarding ethical technology, in my mind. According to Martijn Braam (https://blog.brixit.nl/nitrokey-dissapoints-me/), the internet traffic they discovered is a fetch of data to help make GPS work better/faster. Mr. Braam believes fetching this data is ethical.

4 Likes

They specify the nitro phone (which is a pixel) as not having this issue. So there’s that.

2 Likes

Yes, that is true, for what it’s worth. Although, unfortunately, I think Google’s privacy abuses are too many for a device made by them to be taken seriously in terms of privacy.

1 Like

I don’t quite believe the report. If the data had been transmitted unencrypted, this would have been noticed long ago.

1 Like

I hear you, but in this case they seem to be the lesser of evils. I doubt the nitrokey folks were paid by google to do this study or make this report.

2 Likes

I appreciate your skepticism, but I can’t help wonder, if you had seen an earlier report of this discovery, would you have disregarded it by the same logic?

Good point, but I’m still skeptical about it. I’ve never heard of guys, and I can’t find anything in the trade press or on the trustworthy websites…

Not that I don’t think there’s a hell of a lot of pissing going on…

My comment was wrong, so I removed it.
I appoligize if I offended someone.

Think this is worth a read from Martin Braam https://blog.brixit.nl/nitrokey-dissapoints-me/

5 Likes

Its about GPS Signal optimasazion, to do that so the Qualcom Driver have to update information about GPS Satilites (Position, Time and Speed) to fine tune the Positions.

If you are interesting in GPS Systems in general… on the last May-contain-Hackers Camp 2022, Bert Hubert hold a nice Talk about this.

That is a good article, I added a link to it to my original post.

Nevertheless, I disagree that this internet traffic from the SOC–without the device owner’s knowledge or consent–is all fine and good. I think it makes sense in the world of android, where the owner of a device is treated like a child who is allowed to use the phone, but has no control over it: “what is all this data being uploaded and downloaded from the device that I bought?” “nevermind, that’s just something the adults need to do, okay? Just go back to your video clips.”

Qualcomm could have implemented this in a more respectful way. For example, the owner of the device could have supplied their own GPS almanac file or given permission for the file to be downloaded.

3 Likes

Don’t forget that Purism mentions in its general news article about an Goldoson adware infecting apps hosted on the Google Play server. The cyberattack must be a side effect of Googlization. I assume that all Android phone OS, on a large extent, peruse .apk file format as archive file. In that case, the supposedly official and safest app server has/may lost is credibility.

Yes, but no. The knowledge is non existent, and will effective be hide to young brains. Because you earn more money to have a personalized better signal in your homes, if Wlan knows your furniture and Room Walls and the Position of the Router and Repeater. And the other companies love to sell your daily movements your hearth rate and the movement and heart rates of your visitors, pets or children. Oh and very new device logged in to your Network too.

So yes it would be nice to hae that too in GPS level, but we do not have this in Wlan, Zigbee or with BLE Devices… so no, that is already a wild west. So no.

You have not the power to change settings of every Apple Smartphone walking by or Car drive on the road in front of your house and scanning for devices and Airtags. So you have to live with it, and GPS-Almanac is not a bigger issue if you use an Android Device, without hardware switches.

I think this is kind of ok. You do not need GPS for Smartphones if you have an offline Map or can use the Internet for Maps. Or have a dedicated GPS Routing device which you do not need often or carry it with you on your daily tasks.

In Tomorrows world this can be an issue or danger for a self individual program, but i think then the Computers change the DNS resolve of that Almanac Download-URL to an alternative File… or got banned for doing that.

Do you know the War Games Movie by Disney? In future its not play TNW, is about Lets Play train Neural Networks (by gather to much Data and private Information) and nudge Influencer’s.

I spent to much time looking and thinking about the abyss.